Disruption in 2020 paves the way for threat actors in 2021 and beyond

There’s no doubt that 2020 will be remembered for the uncertainty and rapid change it brought. As the global pandemic accelerated trends like remote working and digital transformation, it has also created new cybersecurity challenges. However, although much of 2020 was unpredictable, it’s still possible to step back and look at infosecurity developments that will point the way forward. Sophisticated social engineered attacks on the horizon A recent Verizon report highlighted social engineering as a … More

The post Disruption in 2020 paves the way for threat actors in 2021 and beyond appeared first on Help Net Security.

DigiCert now enables manufacturers to embed certificates on chips prior to manufacturing

DigiCert helps companies provision and manage digital certificates at any point during the product lifecycle with the new release of the IoT Device Manager.

Manufacturers can now embed certificates on chipsets prior to and during manufacturing, or directly to an edge device, for complete end-to-end device security. IoT Device Manager is built on DigiCert ONE, which enables rapid, automated PKI deployment as a customer-managed, on-premises or cloud solution, or managed by DigiCert for any environment.

A challenge manufacturers face when implementing PKI is figuring out how to provision certificates to devices during the manufacturing and assembly process. Changing manufacturing processes by implementing new technology can be a time consuming and expensive undertaking.

To address this challenge, DigiCert provisions authentication and signing certificates to chips prior to arriving at the manufacturing plant for assembly. Having certificates pre-provisioned allows manufacturers, without changing any processes, to achieve the benefits of device identity, strong mutual authentication, and secure boot and over-the-air updates through the use of digital signatures.

Additionally, as manufacturers look for more device-level data and management capabilities, metadata on the device’s characteristics — including serial numbers, batch numbers and digital certificate data — can be loaded into DigiCert IoT Device Manager to support full device management capabilities throughout a device’s lifetime.

“Signing is a critical component of strong IoT security, and manufacturers are continually signing a variety of programming elements to ensure the integrity of interactions with their devices, and the data coming from it,” said DigiCert SVP of Product Brian Trzupek.

“Together with assuring the identity of the device at the time of manufacture and enabling certificate requests directly from any deployed device, IoT Device Manager is part of a holistic security and threat response platform for IoT device security.”

Manufacturers are simplifying the complexity of IoT deployments by pushing more activity to the edge device. To support this transition, a device-centric API in the IoT Device Manager enables unique devices to request, update and manage the lifecycle of certificates.

Complicated and expensive service layers that take time and effort to develop are no longer necessary for certificate provisioning and management. This feature allows manufacturers to simplify deployments, accelerate time to market and reduce the overall risk of their PKI.

IoT Device Manager uses a container-based, cloud-native implementation to:

  • allow organizations to provision and embed device identity at any stage of the device lifecycle, from the factory to device deployment in a variety of environments to provide trusted and secure operations.
  • simplify device identity, authentication, encryption and integrity with a single click and marry device data visualization with cryptographic, manufacturing and factory process data.
  • support standards-based interoperability with third-party manufacturing and provisioning systems and enable technology partners to address a variety of use cases for today’s IoT security requirements.

Secure Software Manager can be utilized together with IoT Device Manager to:

  • deploy modern PKI automation for frictionless secure code signing and private key management.
  • sign all files at any stage of the development cycle, not only for specific code but also clusters and containers.

DigiCert and Atea deliver a fully managed service for multiple types of digital certificate-based use cases

DigiCert and Atea jointly announced a partnership to launch the new Atea Managed Certificate Service offering insight into certificate health, usage and endpoint vulnerabilities to ensure the best possible customer experience for secure communication.

Delivered by Atea Managed Services and powered by core DigiCert CertCentral technology the new service includes the ability to automatically locate, identify, and track all certificates in use with 24/7 monitoring, management and renewals throughout any network and connected device environment.

“In our view, DigiCert is the leader in this space offering a technically advanced solution with root certificates built into everything from operating systems, browsers to applications along with a good reputation and proven longevity within the market,” said Patrick Kvaksrud, Service Owner for Atea.

“At an integration level, the well documented API’s and support for Automatic Certificate Management Environment (ACME) protocol has made it easy for us to integrate our operational systems alongside CertCentral to create a unified managed service that is simple to use with flexible yet comprehensive reporting,” Kvaksrud added.

The new Managed Certificate service is available via Basic and Plus tiers with a range of management, discovery and reporting features that span TLS/SSL and other digital certificates, PKI, lifecycle management and TCP endpoint reporting.

DigiCert is the world’s leading Certificate Authority and one of the original CAs to provide industry requirements and related solutions that assert the value of validated identity, whether that’s organisations, individuals or things.

The company has committed to numerous cutting-edge R&D projects around organisation identity, quantum computing and IoT device identity and customers rely on DigiCert to solve complex identity, authentication and encryption challenges.

“Atea have the trust and expertise to deliver critical managed services, and we are proud to offer our technology to enable their end customers to benefit from simpler and more flexible certificate management processes,” said Viktor Kedvall Prag, Regional Manager, DigiCert, Nordics.

“Atea have developed well-defined procedures and methods of handling daily maintenance, using best practice to plan and implement changes, thus ensuring that certificate management is a fundamental process that enables secure connectivity and enhance business continuity.”

DigiCert Enterprise PKI Manager supports security for remote workforces

Enterprise PKI Manager in DigiCert ONE from DigiCert supports security for today’s increasingly remote workforces via certificate automation to authenticate employees and their devices at scale, and encrypt data.

Working from home is here to stay, with Gartner reporting that 74% of CFOs are looking to shift some employees to permanent remote work. Digital certificates are a proven, widely adopted solution for strong authentication and are well supported by a variety of devices, platforms and operating systems.

Many organizations, including the world’s best brands, use private CA systems within their networks, relying on manual certificate management that often leads to errors or shutdowns and overworked teams.

Enterprise PKI Manager makes it easy for organizations to manage and use digital certificates to secure all employees, devices and data that connect to the network, and it can be deployed as a customer-managed on-premises or cloud solution, or managed by DigiCert.

“Enterprise PKI Manager offers the smart automation and integration capabilities enterprise organizations need to safely support workers wherever they choose to connect to the network,” said DigiCert SVP of Product Brian Trzupek.

“Customizable and compatible with a variety of mobile device management solutions, Enterprise PKI Manager enables our customers to manage their entire remote workforce and devices from one PKI system to better protect users and their devices, as well as the data, email and applications that they rely upon.”

Enterprise PKI Manager offers a flexible, unified approach to PKI management at scale. With Enterprise PKI Manager, organizations can enable digital signing for large volumes of users and devices quickly, utilizing a containerized, cloud-native architecture that rapidly deploys digital certificates on-demand.

Enterprise PKI Manager gives organizations the ability to:

  • Enable API-based automated device and user enrollment with digital certificates.
  • Integrate with leading MDM/UEM platforms for secure device enrollment and management.
  • Secure emails with authentication and encryption via S/MIME certificates.
  • Enable secure document signing across the organization’s physical and virtual network environments.
  • Integrate with the other DigiCert ONE workflow managers for secure code signing for software and IoT device security.

DigiCert is continually innovating to develop comprehensive solutions for work-from-home and remote access use cases, and integration initiatives are in place with a variety of leading MDM, UEM and smart card partners.

Enterprise PKI Manager is built on DigiCert ONE, a PKI management platform developed with cloud-native architecture and technology to be the PKI infrastructure service to solve today’s security challenges.

Released in 2020, DigiCert ONE offers multiple management solutions and is designed for all PKI use cases. Its flexibility allows it to be deployed on-premises, in-country or in the cloud to meet stringent requirements, custom integrations and airgap needs.

It also deploys extremely high volumes of certificates quickly using a robust and highly scalable infrastructure. DigiCert ONE delivers end-to-end centralized user and device certificate management, a modern approach to PKI to provide trust across dynamic IT architectures.

DigiCert IoT Device Manager: New features and capabilities to drive 5G transformation

DigiCert has announced a robust set of features and capabilities in DigiCert IoT Device Manager that enable telecommunications providers to deploy 5G network services to cloud environments while maintaining security, compliance and performance.

Hosted on the DigiCert ONE platform, IoT Device Manager provides support for strong authentication in dynamic, cloud-native environments, as well as scalability and operational integrity.

Today’s telecommunication organizations face a variety of similar transformation challenges as they migrate to 5G using cloud data centers. Many are moving from primarily physical environments with primitive authentication techniques, minimal use of cryptography and pre-shared keys.

These traditional infrastructures are capital-intensive to scale, inefficient and inflexible, slowing delivery of new services and time to market. Increasingly, they are moving toward more dynamic business models built around a DevOps mindset.

These 5G and cloud environments are virtualized, dynamically scalable and enable unparalleled business agility and smooth scalability.

To support their transformation and enable more rapid time-to-market for products, telecommunication providers require a platform designed for today’s highly dynamic, cloud-native, modern business models.

The platform must provide strong authentication across on-premises and cloud environments, and the ability to perform at scale on the world’s largest networks. It needs to ensure operational integrity to help organizations meet compliance requirements and legal mandates.

IoT Device Manager on DigiCert ONE is built from the ground up to support transformative new models. It delivers:

  • Robust IoT security, establishing a root of trust through PKI for authentication, encryption and data integrity. A simple identity management tool, it lets organizations assign and manage device identity in large or small volumes at any stage of the lifecycle, operating with total visibility over certificates issued to devices.
  • Scalability for 5G and cloud environments, with support for a variety of certificate management protocols, including RESTful API, EST, CMPv2 and EST.
  • Support for broad operational integrity to meet compliance requirements and legal mandates. Utilizing metadata, IoT Device Manager enables a broader integration of tools that previously had been unable to share information and integrate smoothly with one another. By bringing together a diverse array of data from a variety of sources, it enables organizations to gain additional insight and value to support device management.

“As telecommunications, manufacturers and other organizations move to increasingly dynamic models, the IoT Device Manager provides the flexibility and rapid scalability they need to support 5G and cloud migration,” said DigiCert Senior Vice President of Product Brian Trzupek.

“DigiCert ONE delivers the features, compatibility and performance our customers need to accelerate their digital transformation and take advantage of compelling new business models.”

IoT Device Manager uses a container-based, cloud-agnostic implementation and allows organizations to provision and embed device identity at any stage of the device lifecycle, from the factory to device deployment in a variety of environments.

It lets customers simplify device identity, authentication, encryption and integrity with a single click, and marry device data visualization with cryptographic, manufacturing and factory process data. IoT Device Manager supports standards-based interoperability with many third-party manufacturing and provisioning systems.

IoT Device Manager is built on DigiCert ONE, a PKI management platform architected and released in 2020 to be the PKI infrastructure service for today’s modern cloud-native challenges.

DigiCert ONE offers multiple management solutions and is designed for all forms of PKI. It is flexible enough to be deployed on-premises, in-country or in the cloud to meet stringent requirements, custom integrations and airgap needs.

It also deploys extremely high volumes of certificates quickly using robust and highly scalable infrastructure. DigiCert ONE delivers end-to-end centralized user and device certificate management, a modern approach to PKI.

DigiCert named 2020 Global Company of the Year in TLS certificate market by Frost & Sullivan

Frost & Sullivan recognizes DigiCert with the 2020 Global Company of the Year Award, based on its recent analysis of the global TLS certificate market.

OPIS

DigiCert market leadership

DigiCert has exhibited strong market leadership in its growth, supporting the adoption of new standards and continually innovating with the industry’s best, most modern PKI technology.

In addition to the strength in the TLS/SSL market, the company is also focused on new security technologies, such as protecting devices in the IoT and developing implementations of post-quantum cryptography. By developing these technologies and helping define standards to address new security use cases, the company is strengthening its leadership position within internet security.

“Leveraging its superior technology, customizing it to regional markets and building a best-in-class customer support system, DigiCert has captured the business of 89% of the Fortune 500 companies and the world’s most recognized brands,” said Swetha Krishnamoorthi, Industry Analyst at Frost & Sullivan.

“Further, DigiCert has successfully integrated the technology strengths of the former Symantec TLS and PKI business to provide an unequaled product portfolio and scalability for partners and customers. DigiCert’s certificates and management tools support a wide range of enterprise needs and use cases, ranging from standard TLS to compliance-specific use cases such as Google AMP and EU-trusted qualified certificates for natural persons, legal entities or web authentication. The company also supports cloud-based code signing, remote document signing, a host of IoT device authentication and encryption scenarios, large enterprise secure remote access, secure email and much more.”

DigiCert CertCentral TLS Manager enables organizations to issue, discover, renew and revoke certificates in an automated manner. CertCentral features an intuitive UI and is built on APIs for easy certificate management at any scale. DigiCert’s modern and growing DigiCert ONE platform, which also includes DigiCert Enterprise PKI Manager and DigiCert IoT Device Manager, enables management of all types of certificate deployments, such as cloud, on premises, in-country and hybrid environments.

DigiCert has upgraded its infrastructure in a way not seen in its industry to support large installations, regionally-focused deployments and high-volume, rapid certificate enrollments for the world’s largest web platform companies. The company’s agile product development process allows it to roll out changes and product updates more quickly than competitors.

This strategy has helped the company create the industry’s first post-quantum cryptography toolkit, which enables companies to create hybrid certificates for testing in their systems. DigiCert actively engages with industry standards and regulatory bodies to drive the creation and support of new standards and ensure a safe internet and IoT for consumers, including the CA/Browser Forum, IETF, W3C, ASCX9, PCI Council, SAE, CableLabs, CI+, AeroMACS, WinnForum, Industrial Internet Consortium, APWG and NIST NCCoE.

“With its multi-pronged approach to innovation, DigiCert has developed a hyper-converged, agile infrastructure that promises reliability, scalability, resiliency and shorter response time for its customers,” noted Swetha. “Its emphasis on user experience and a customer-first approach to product development will ensure its continued domination of the digital certificate market in the long term.”

Company of the Year award

Each year, Frost & Sullivan presents a Company of the Year award to the organization that demonstrates excellence in growth strategy and implementation in its field. The award recognizes a high degree of innovation with products and technologies and the resulting leadership in terms of customer value and market penetration.

Frost & Sullivan Best Practices Awards recognize companies in a variety of regional and global markets for demonstrating outstanding achievement and superior performance in areas such as leadership, technological innovation, customer service and strategic product development. Industry analysts compare market participants and measure performance through in-depth interviews, analyses and extensive secondary research to identify best practices in the industry.

Why we need to secure IoT connections sooner than later

IoT products offer many conveniences but there are massive amounts of data being transferred to and from these services vulnerable to attack if left unsecured. In this podcast, Mike Nelson, Vice President of IoT Security at DigiCert, talks about the growing insecurity of IoT devices and what we should do about it.

secure IoT connections

Here’s a transcript of the podcast for your convenience.

Hey everyone, it’s Mike Nelson. I’m the vice president of IoT security at DigiCert. DigiCert is the world’s leading provider of PKI products and services. And we’re here today to talk about an interesting topic and a topic of growing importance.

As most of us are aware, connectivity is growing all around us. Businesses are becoming more connected. In recent days, more and more employees of businesses are working from home and needing secure connectivity. The number of IoT devices continues to grow in mass amounts globally. Those devices are creating a lot of connectivity around us, but that connectivity also creates a lot of security risk and exposure that a lot of consumers who are going about their normal lives are not aware of.

What I’d like to talk about today is the growing need to secure that connection, whether that be within a business, whether that be with a connected device in a consumer’s home, or whether that be a consumer browsing the internet. All of that connectivity needs to be done in a way that is secure, and the importance of that is so critical.

My expertise of course is in the IoT space. I’ll be focusing the majority of the discussion today around IoT. But we’ll also talk a little bit about businesses and the importance of securing the internet.

In the IoT space, it’s projected that billions and billions of devices, up to 43 billion devices will be in the market in the coming years. Those devices are collecting sensitive data, they’re providing critical business functions, they’re providing healthcare monitoring, and even performing healthcare procedures. Those devices are critical to the function of our society and they will grow in their importance. A lot of those devices are, as I mentioned, insecure, and the risk of those devices being attacked is very real and provides some scary consequences.

If we think just about the volume of data that these devices are collecting, it’s estimated that nearly 80 zettabytes of data will be generated in IoT over the coming years. That’s equivalent to about 90% of the data that has been generated globally to this point. So, mass amounts of data is being generated. A lot of that data should be handled in a confidential way. Some of it is proprietary information for businesses, it’s patient health information, it’s the secret sauces of business that they want to keep confidential. And so, as that data grows, it’s incredibly important that we keep it secure.

As we look at IoT exploits that have happened up to this point, there are some common vulnerabilities that we see over and over in these attacks. And those common vulnerabilities are really a good starting point for implementing security practices. The first common vulnerability that we see with IoT is lack of proper authentication.

We read a lot about bad password practices, and hard-coded credentials, and hackers being able to gain access because they go in and they are able to discover the password and the user manuals of IoT – IoT instruction manuals. Bad authentication is one of the greatest risks right now with IoT. And there’s a lot going on in that regards to improve that.

In addition to bad practice of passwords, the backend connections and making sure that anything the devices are connecting to is properly authenticated. If your device connects to a server or a piece of middleware, you want to make sure that that connection is authentic so that it doesn’t trust connections of parties that you don’t want gaining access to your device. And so authentication of both the user, but also the backend connections need to be of utmost importance.

The second common vulnerability that we see is around protection of the data. Palo Alto Networks recently released a report that said 98% of IoT data traffic is unencrypted. That’s a terrifying statistic, especially considering the volume of data that I mentioned earlier and the sensitivity of that data. And we see data compromise very frequently when it comes to IoT attacks. That’s another very common vulnerability – the data not being handled in a confidential way.

The third and final one is around integrity. How do you know that the packages being sent to the device are coming from a trusted source, and that a man in the middle attack has not occurred, modifying the value or embedding malware in the package and then sending it onto your device. Integrity is so critical, especially when businesses are making decisions related to that data, or when doctors are using the data to make treatment decisions for patients. And so integrity, the importance of making sure that the values of that data have integrity associated with them, is very critical.

And so what do you do? The starting point, I’m asked all the time: “So where do we start? What do we need to do as we venture down the path of IoT security?” I think public key infrastructure and the use of digital certificates is really the right starting point for good IoT security.

Public key infrastructure infrastructure facilitates security solutions around those three vulnerabilities. Through the use of digital certificates, you can authenticate connections. Through the use of a certificate, you can place one on an endpoint device and you can place one on a server that it connects to. And when that connection occurs, that session is authenticated through the use of certificates. And then, the second thing that it can do is it can then encrypt the data that’s being passed from point A to point B. Public key infrastructure and those digital certificates are what can help facilitate that for manufacturers.

The third one is public key infrastructure through the use of digital signatures and certificates. Code signing, digital signature checks are very important to ensure that there is integrity, and public key infrastructure can facilitate that as well.

We’re asked all the time where do we start? What do we do? I really think that public key infrastructure is a great place. In addition to that, security by design is critical. Penetration testing is a very important element of secure IoT development. And all of those things, there’s really no silver bullet, but I think that as you’re starting down the path, those are things that are good starting points.

The current state of IoT security really is, I think, scary. I don’t think enough is being done. I’m asked frequently also who’s responsible for IoT security. I’d say that there’s three pillars of responsibility. There’s regulatory responsibility. We see governments, the US, the UK, Japan are moving to put in place regulations that will require manufacturers to act responsibly in the development of their products.

The second pillar I would say would be industries. We see a lot of industries coming together to create security standards, and then holding the manufacturers in that industry accountable to those standards to make sure that they’re operating at a higher level of security.

We’ve seen that DigiCert participated in the handful of industry groups like CableLabs who represents all cable manufacturers, set-top boxes, and they created a security standard for all of their manufacturers to follow. OCF is an industry group, the Open Connectivity Foundation, that is responsible for consumer electronics and they’re building standards for that ecosystem. Industries also have a responsibility to come and try to improve the overall state of security for their industry.

And then the final pillar would be manufacturers, and manufacturers doing the right thing in the product development, in the deployment, in the lifecycle management of their devices is very, very important.

As we look at public key infrastructure and the challenges, public key infrastructure is the technical solution that a lot of people know a little bit about, but they don’t know a lot about. As we have seen manufacturers approaching public key infrastructure, we’ve seen them fall into a handful of common pitfalls and challenges. I’ve had hundreds and hundreds of conversations over the last few years with manufacturers as they have looked to implement public key infrastructure, and we’ve really heard some common challenges that they run into as they’re looking to stand up a public key infrastructure.

The first one is the flexibility of their platform and being able to solve the variety of challenges that are needed. And I say laughingly that every IoT deployment is just another unique IoT deployment. Every device is different, the communication protocol’s different, the computation power is different and a unique lens needs to be looked at every instance. And so having a platform that’s flexible, that allows them to solve all of their challenges instead of just particular ones, is important.

Deployment ease. We see a lot of them run into challenges in deployment configuration. We see challenges with them and complying with country requirements. Having third-party integrations with applications that they want to use as a business is another common challenge. And then finally, degradation of performance is another challenge that we see manufacturers run into.

I encourage people all the time when they’re looking for a solution, to look for a solution that has that flexibility, that has the scalability, that can help them meet the in-country requirements that they’re struggling to do. And I think that if manufacturers get off to a good starting point in those areas, it sets them on a path for success.

OPIS

DigiCert IoT Device Manager

At DigiCert we have built a custom platform that’s responsive in those areas. We just released a platform called DigiCert ONE, and it really is the most modern architecture for PKI, but it addresses those really complex challenges of flexibility and scalability, reliability. The flexibility, not just of the certificate profiles, but also in the way you deploy it. Do you need an on-premise instance of a PKI? Do you need it based on the cloud or do you need a hybrid solution? You need to be able to be flexible in the way that you deliver and stand up your public key infrastructure.
I think that touches on a lot of the points that I wanted to cover today. I hope that this discussion has been helpful and insightful.

Public key infrastructure is a technology that works. It’s proven, it’s standardized and it’s been around for a long time. It still needs to be innovative, and it’s important to make sure that the solutions that you’re putting in place are modern, will meet the requirements for your team today, but also will meet the requirements for your team when you have many, many more connections that you’re trying to secure.

Thank you all for your time today. I hope this has been helpful.

Photos: RSA Conference 2020, part 5

RSA Conference 2020 is underway at the Moscone Center in San Francisco. Check out our microsite for the conference for all the most important news.

Here are a few photos from the event, featured vendors include: MobileIron, CodeScan, BlockChain Security, DigiCert, LogRhythm.

photo gallery RSA Conference 2020

photo gallery RSA Conference 2020

photo gallery RSA Conference 2020

photo gallery RSA Conference 2020

photo gallery RSA Conference 2020

photo gallery RSA Conference 2020

photo gallery RSA Conference 2020

photo gallery RSA Conference 2020

photo gallery RSA Conference 2020

Other photos from the conference are available (1, 2, 3, 4).

New infosec products of the week: February 7, 2020

USB armory Mk II: A secure computer on a USB stick featuring open source hardware design

The USB armory Mk II’s security features include internal and external cryptographic coprocessors, a true random number generator, secure boot capabilities, and more. These features harden the device against a variety of attacks, including physical tampering techniques that can compromise low-level processes like boot protocols.

infosec products February 2020

Acunetix 13 web app security scanner comes with many innovations

Acunetix 13 comes with an improved user interface and introduces innovations such as the SmartScan engine, malware detection functionality, comprehensive network scanning, proof-of-exploit, incremental scanning, and more.

infosec products February 2020

DigiCert launches two new PKI tools to provide fast, flexible PKI deployment

DigiCert announced two new PKI tools: IoT Device Manager and Enterprise PKI Manager. Unlike PKI applications of the past, both PKI managers use a container-based, cloud-agnostic implementation that ensures fast and flexible on-premises, cloud and hybrid PKI deployments. These new offerings are built on the DigiCert ONE platform, which delivers end-to-end centralized user and device certificate management for a variety of deployment models and PKI use cases.

infosec products February 2020

Zyxel launches ZyWALL VPN1000 VPN Firewall, an all-in-one security solution for SMBs

The flagship of the growing Zyxel family of ZyWALL VPN firewalls, VPN1000 is an integrated security solution that combines a firewall with high-performance VPN tunnel capabilities to protect the local network against threats and safeguard data communications between multiple locations or hybrid clouds. It features 12 configurable Gigabit Ethernet ports and two SFP ports. The device can support up to 1,000 concurrent IPSec VPN tunnels and up to 500 SSL VPN users.

infosec products February 2020

Radiflow iRISK: Business-driven industrial risk analytics service for OT networks

iRISK is designed to provide comprehensive vulnerability assessment reporting for OT networks, including risk prioritizations and mitigation recommendations. The iRISK service generates a risk-oriented visibility report for an OT network that includes the details of network properties, risk levels for devices and links, potential attack paths for detected vulnerabilities and more.

infosec products February 2020

Xton Access Manager now includes RDP, SSH and HTTP proxy support

Xton Access Manager now includes advanced proxy support for RDP, SSH and web proxies allowing customers to create secure, high trust remote sessions with full session recording and keystroke monitoring using native desktop or mobile applications. This makes it easier for companies to implement and enforce PAM requirements such as auditing, permissions and password rotation without disrupting existing IT workflows.

infosec products February 2020

NCP Secure Enterprise Management Server now supports 2FA through a web interface

NCP engineering released version 5.30 of the Secure Enterprise Management Server (SEM), a central component of the NCP Next Generation Network Access Technology that serves as a single point of administration. Administrators and users can benefit from the new NCP Authenticator App for generating Time-based One-time Passwords (TOTP), a web interface, and a configuration tool for Linux.

infosec products February 2020

DigiCert launches two new PKI tools to provide fast, flexible PKI deployment

DigiCert announced two new PKI tools: IoT Device Manager and Enterprise PKI Manager.

DigiCert PKI tools

Unlike PKI applications of the past, both PKI managers use a container-based, cloud-agnostic implementation that ensures fast and flexible on-premises, cloud and hybrid PKI deployments. These new offerings are built on the DigiCert ONE platform.

DigiCert ONE is a holistic approach to modernizing PKI management and sets a new standard for fast and flexible PKI deployments. Based on modern software design and engineering, DigiCert ONE delivers end-to-end centralized user and device certificate management for a variety of deployment models and PKI use cases.

“As early adopters of IoT Device Manager and Enterprise PKI Manager, we are looking forward to their ease of use and flexibility for our many initiatives, including our IoT and connected city solutions,” said Mark Stevens, technical lead, British Telecom PKI and Cryptography.

“PKI applications that we’ve used in the past have required weeks of long hours to deploy on-premises, but with DigiCert ONE, after configuring our Docker and network environment, we were up and running the PKI Managers in about 20 minutes.

“British Telecom is excited and looking forward to the benefit of DigiCert ONE’s multiple functionalities and the scalability it will bring for our customers.”

IoT Device Manager allows device manufacturers to:

  • provision and embed device identity at any stage of the device lifecycle, from the factory to device deployment on-premises, in the cloud or hybrid environments
  • simplify device identity, authentication, encryption and integrity with a single click
  • marry device data visualization with cryptographic, manufacturing and factory process data and
  • support standards-based interoperability with many third-party manufacturing and provisioning systems.

Enterprise PKI Manager allows IT teams to:

  • seamlessly and transparently deploy identity, authentication and access to large user populations quickly and with little to no end-user interaction
  • have flexibility in deployment models, supporting customer deployments in private or public cloud, air-gapped environments, or completely managed by DigiCert
  • customize certificates and tailor deployments to their infrastructure and needs and
  • manage out-of-the-box and create custom CA hierarchies.

“Today’s release of the IoT Device Manager and Enterprise PKI Manager in DigiCert ONE meets customers where they want to be with fast, flexible and automated PKI deployment across global networks and within geographies of differing regulatory standards,” said DigiCert CEO John Merrill.

“Whether deploying to their own private or public clouds, or within air-gapped or on-premises networks to meet in-country compliance requirements, IoT Device Manager and Enterprise PKI Manager give customers the tools they need to integrate PKI services that secure their device connection points.”

Developed based on feedback from leading enterprises and IoT device manufacturers, DigiCert ONE meets practical organizational needs, enabling them to:

  • integrate PKI services with established business processes and third-party vendors via a feature-rich REST API
  • facilitate a rapid rollout of PKI services in minutes instead of days, leveraging environment parity and container portability to set up private or public clouds or on-premises quickly and
  • reduce total cost of ownership and complexity with a modern scalable architecture and containerization strategies to provide a high availability PKI platform for their company.

With a continuous deployment model, DigiCert will introduce additional PKI managers to DigiCert ONE, such as secure email, document signing, object signing, individual signing.

From OS to application, DigiCert ONE users will benefit from regular updates that ensure they are always running the most up-to-date software with the latest functionality.